I'm not proposing to "secure things with CA" - but SSL certs (and code signing certs) need the CA system unless you want to rely on self-signed certs (and how do you verify the validity of those, then?).
Ok, let me rephrase that. You're implicitly assuming that CAs provide authentication. <a href="http://www.schneier....impressive_phis.html">They don't</a>. If you ever read legal disclaimers made by CAs, you may notice that they are not claiming to provide authentication, but rather disclaiming this.
The whole situation is extremely ridiculous. The only real difference between a CA-signed and a self-signed certificate is that the CA-signed certificate leaves you a few bucks poorer.
A bank could issue me with instructions for checking the certificate signature. In person. (The bank, in fact, already gives me a password generator device. What the bank actually needs is a good old simple shared-secret cryptosystem - using this generator's code as the shared secret. SSL doesn't support anything of that sort, and using SSL in this context is like hammering in screws because all we've got is a hammer and a screw looks similar enough to a nail.)
In the case of SSL certificates, you know, there's no bigass warning for a real spoof site. The only warning you have for a real spoof is the lack of a tiny yellow lock icon. Which is enough for power users (the ones that keep their software up to date, unlike regular users).
Don't you see what's ridiculous here? The only warning for real phishing victims is the absence of the yellow lock icon. Yet the browser displays extreme warnings for self-signed certificates.
Authentication isn't the only thing SSL does, though; confidentiality and tamper-resistance are just as important.
Indeed. What we have in practice is that a lot of sites which need confidentiality and tamper-resistance, but not so much authentication, are not using SSL at all, because a browser displays scary warnings for a self-signed or expired certificate but no warnings whatsoever for an unsecured site.
The bigass warning is mostly shown to customers of legitimate businesses who forgot to pay racket money (forgot to renew the certificate). And I do believe this is a problem. SSL certs and code signing certs are a bit on the expensive side. Code signing certs are slightly difficult to obtain, but that's mostly a positive thing, though.
There's been no known case of use of an expired certificate by a malicious party. Yearly expiration is only good for CA revenues; as a means of protection it is laughable. On average, there will be 6 months from the leak of a current certificate to its expiration; surely, the certificate should be revoked much sooner.
edit: to make it clearer.
Browser behaviour for increasing security level:
0: No SSL: absence of tiny yellow padlock icon [that's all the warning most phishing victims get].
1.0: SSL with no 'authentication' or an expired certificate: extremely scary warnings [which no phishing victims ever see].
1.1: SSL, CA-issued certificate (very insecure authentication by CA): no warnings [some phishers obtain a CA-issued certificate].
End result: level 1, which most often is good enough against plausible attacks (sniffing), is unusable; a lot of sites which should use level 1 use level 0; a few use level 1.1, providing immense revenues for CAs.